Problem description
I'm having some connectivity issues with my Rails app (using Devise + Devise LDAP Authenticatable) and the Active Directory server I'm attempting to communicate with.
I've been able to successfully perform a bind and search with ldapsearch using the following command:
ldapsearch -H ldap://ad.example.com:389 -b "ou=dept,ou=Users,ou=company,dc=example,dc=com" -D "[email protected]" -W "(&(objectClass=organizationalPerson)(objectClass=Person))" mail
Since that works, I'm assuming I have an issue with my devise_ldap_authenticatable configuration, which looks like:
development:
  host: ad.example.com
  port: 389
  attribute: mail
  base: ou=dept,ou=Users,ou=company,dc=example,dc=com
  objectClass: organizationalPerson
  objectClass: Person
  ssl: false
Using Wireshark I was able to capture traffic from both the successful bind/search (CLI) and the failed bind/search (Rails). The successful bind correctly sends the email address as part of the bindRequest (LDAPMessage bindRequest(1) "[email protected]" simple) but the bindRequest from the Rails app looks like LDAPMessage bindRequest(1) "<ROOT>" simple.
Is anyone able to spot an obvious issue with my config? Can anyone translate my ldapsearch command into a proper YAML config?
Recommended answer
I had played around with this Devise.rb config option previously, but must have done something incorrect.
Adding the following to Devise.rb seems to have resolved my bind issue:
config.ldap_auth_username_builder = Proc.new() { |attribute, login, ldap| login }
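To see what each username builder hands to the simple bind, the following added example (not part of the original post or of the gem's code) compares the builder from the answer with the default builder shape, which is assumed here from the gem's generated initializer. `LdapStub`, `bind_name_kind`, `safe_to_bind?`, `compare_builders` and the login `jdoe@example.com` are hypothetical names and constructed values; the base DN is the one from the question.

```ruby
# Added example: stand-alone, needs no gems. LdapStub is a hypothetical
# stand-in for the connection object the gem passes to the builder.
LdapStub = Struct.new(:base)

# Default builder shape (assumption: as in the gem's generated initializer).
DEFAULT_BUILDER = Proc.new { |attribute, login, ldap| "#{attribute}=#{login},#{ldap.base}" }
# Builder from the answer: pass the login through unchanged.
ANSWER_BUILDER  = Proc.new { |attribute, login, ldap| login }

RDN = /[A-Za-z][\w-]*=[^,]+/

# Classify the name that would be sent in the simple bindRequest.
def bind_name_kind(name)
  return :anonymous if name.nil? || name.strip.empty?    # empty name: anonymous bind
  return :upn if name.match?(/\A[^@=,\s]+@[^@=,\s]+\z/)  # user@domain form
  return :dn  if name.match?(/\A#{RDN}(,#{RDN})*\z/)      # attr=value,attr=value,...
  :unknown
end

# Refuse to bind with an empty name or an empty password: a server may
# treat either as an anonymous or unauthenticated bind and report success
# without any credential having been checked.
def safe_to_bind?(name, password)
  bind_name_kind(name) != :anonymous && !password.to_s.empty?
end

# Return the bind name each builder produces for the same login.
def compare_builders(login, ldap, attribute = "mail")
  { default: DEFAULT_BUILDER.call(attribute, login, ldap),
    answer:  ANSWER_BUILDER.call(attribute, login, ldap) }
end

if __FILE__ == $PROGRAM_NAME
  ldap = LdapStub.new("ou=dept,ou=Users,ou=company,dc=example,dc=com")
  compare_builders("jdoe@example.com", ldap).each do |which, name|
    puts "#{which}: #{name.inspect} (#{bind_name_kind(name)})"
  end
  puts "empty password allowed? #{safe_to_bind?('jdoe@example.com', '')}"
end
```

With the answer's builder the bind name is the same user@domain string that the working ldapsearch command passed with -D, while the default shape builds a DN from the `attribute` and `base` settings.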